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CLAIMS 



What is claimed is: 



1 1 . An ephemeral-output-only browser. 
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system for protecting content distributed through a network comprising: 
a client computer operable for connecting to the network and for executing a 
client program that limits user control over the content distributed through the network; 
and 

a server computer operable for connecting to the network and for executing a 
security program foKsecuring the content distributed through the network. 

3. The system of cla^m 2, wherein the client program is an ephemeral-output-only 
web browser. 



1 4. The system of claim 2, wherein the^lifent program is an add-in security module 

2 for executing as part of a standard w^b b/pwsef and wherein user control over 
S 3 reproduction of the content, in at lea 
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5. The system of claim 2, wherein the chent program executes as a separate window 
in a standard web browser and wherein user control over reproduction of the content, in at 
least one form, is limited. 



1 6. The system of claim 2, wherein the security prog^^m distributes the content to the 

2 client computer only when the client computer is executing t^e client program, in at least 

3 one form, is limited. 
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7. \ The system of claim 2, wherein the security program secures the content using a 
common security model. 

8. Tnfe system of claim 2, wherein the security program secures a portion of the 
content usink an individual security model. 

9. The system of claim 2, wherein the client program limits user control over the 
content through a technique chosen from the group consisting of: 

message monitoring, clipboard flushing, function disabling, source code 
encryption, content localization, secure document packaging, cache encryption, and 
device content monitoriirg, 

and wherein user control overproduction of the content in any non-ephemeral 
output manner is prevented. \ // 

10. A method of enabling a provider to protect content distributed on a network 
comprising: ' V 

acquiring a server security program; 

executing the server security program on a server computer connected to the 
network; and \ 

distributing the content only to a client computer executing a limited-user client 
program which limits reproduction of the content in at least one form. 

11. The method of claim 10, further comprisingX 

acquiring a plurality of copies of the limited-usV client program; and 
downloading one of the plurality of copies to the client computer. 

12. The method of claim 10, wherein distributing the content comprises: 
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\obtaining a promise of compensation from a user of the client computer. 

13. Thevmethod of claim 12, wherein the compensation is a one-time fee. 

14. The mechod of claim 12, wherein the compensation is a subscription fee. 

15. The methodW claim 12, wherein the compensation is a per-session fee. 

16. The method of clkim 12, wherein the compensation is a per-access fee. 

17. The method of claim ^Weinjhe^ client program disables a certain 
user function and the comp^risa^n comprises a fee for re-enabling the certain user 
function. y \ I 

18. The method of claim 17, wherem the certain user function modifies the content. 

19. The method of claim 17, wherein tnfe certain user function copies the content to a 
different medium. \ 

A method of receiving com pensation for a security system for protecting content 
distributed on a network comprisirg: 

selling a server security pre gram to a content provider; and 
selling a plurality of copies for a limited-use client program to the content 
provider for licensing to users wis ling to access the content. 
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1 21. The method of claim 20, wherein the compensation-is received at least from one 

2 of (a) when the server security program is executed by the content provider and (b) when 
^3 the content provider licenses one of the plurality pi copies. 



22. The method of claim 20, wherein/me server security program distributes the 
content to a client system if the client system has a limited-use client program and 

3 wherein the limited-use client program limits reproduction of the content in at least one 

4 way. 



1 23. The methockof claim 20, wherein the compensation is based on advertising 

2 revenue obtained by the content provider based on advertising displayed in connection 

3 with a user accessing content protected by the security system. 
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24. A inethod for controlling access to information presented by a web browser 
comprising: 

presenting\content within a browser window of the web browser; and 
disabling a dis^lowed user function when the content is within the browser 
window. 



ling the disallowed user function 




25. The method of claim 24, wj 

comprises: 

intercepting a message posted to 
hiding the content if the browser is not 



window; and 
reground application. 



1 26. The method of claim 24, wherein disabling the disavowed user function 

2 comprises: 
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clearing a commonly shared inter-application memory when the inter-application 
memory is accessed. 

27. The method of claim 24 wherein disabling the disallowed user function 
comprises: 

hiding a user mhnu selection corresponding to the disallowed user function. 

28. The method of claim ^4, wherein disabling the disallowed user function 
comprises: 

intercepting a keyboard m&ssage; and 
discarding the keyboard message if it corresponds to the disallowed user function. 

29. The method of claim 24, wherein\iisapling the disallowed user function 
comprises: 

monitoring a context for a device; 

discarding a user action directed tojthe d^vicje when the context matches the 
content. 

30. The method of clam 24, wherein the disallowea user function is one of a plurality 
of default disallowed user functions and further comprising: 

leaving active one of the plurality of default disallowed user functions. 



3 1 . The method of 30, further comprising providing information with the content that 
determines the one of the plurality of default disallowed user functions to be left active. 
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1 32\ The method of claim 24 wherein the disallowed user function is selected from the 

2 groupVonsisting of print, page setup, save, save as, view source, save picture as, set as 

3 wallpaper, copy, screen capture, screen print, cut. 

1 33. The n^ethod of claim 24 further comprising managing authentication of a web 

2 client. 

1 34. The methodW claim 24 further comprising processing a request from a web client 

2 for encrypted content.N 



Q 1 35. The method of claiiji 24 further comprising creating a unique identifier for a web 
2 client. 
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1 36. The method of claim 24 f^rth^rtomprising encrypting the content with a key 

2 based on the unique identifier for th£ w< :b client. 



1 37. The method of claim 24 wherer 



the content comprises user perceivable 



□ 2 information in a hyper-text markup language (HTML) format. 



1 38. The method of claim 24 wherein the eContent comprises user perceivable streaming 

2 information. 

1 39. The method of claim 24 wherein the contei^ comprises at least one of video 

2 information and audio information. 



1 40. The method of claim 24 wherein the disallowed u$er function comprises a user 

2 function which, when allowed, provides for non-ephemeralVeproduction of the content. 
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1 41. \The method of claim 24 wherein the content comprises user perceivable 

2 information in a scripting language format. 

\ 0 

1 42. The mfethod of claim 24 wherein the content comprises user perceivable 

2 information in acommon gateway interface (CGI) language format. 

1 43. The methocr^of claim 24 wherein the content comprises user perceivable 

2 information in a J A YA language format. 
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44. A computer-readable medium having stored thereon computer executable 
instructions to cause a client digital processing system and a server digital processing 
system to perform a method\jomprising: 

transmitting content fr\m the server.djgital processing system to the client digital 
processing system over a netwof 

owser window on the client digital processing 



presenting the content wit 
system; and 

disabling a disallowed user 
window wherein the disallowed user function 
allowed, provides for non-ephemeral 



len the content is within the browser 
comprises a user function which, when 
ucition of the content. 



1 45. The computer-readable medium of clainj 44 wherein disabling the disallowed user 

2 function comprises: 

3 intercepting a message posted to the browsek window; and 

4 hiding the content if the browser is not a foreground application. 



1 46. The computer readable medium of claim 44 wherei^ disabling the disallowed user 

2 function comprises: 
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3 \ clearing a commonly shared inter-application memory if the inter-application 

4 memory is accessed. 

1 47. Thocomputer readable medium of claim 44 wherein disabling the disallowed user 

2 function comprises: 

3 hiding a\user menu selection corresponding to the disallowed user function. 

1 48. The computer readable medium of claim 44, wherein disabling the disallowed 

2 user function comprised: 

3 intercepting a keyboard message; and 

q 4 discarding the keyboard message if it corresponds to the disallowed user function. 

^ 1 49. The computer readable medium of claim 44, wherein disabling the disallowed 

2 user function comprises: \ I \ 

*y \ If \ -~ 

y 1 3 monitoring a context for a devM^andT 

^ 4 discarding a user action directed to theldevice when the context matches the 

fU 5 content. I \ 

Q \ 

ri \ 

1 50. The computer readable medium of claim 44 further comprising instructions to 

2 cause the server digital processing system to manage\the authentication of the client 

3 digital processing system. \ 

1 51. The computer readable medium of claim 44 further comprising instructions to 

2 cause the server digital processing system to process a request from of the client digital 

3 processing system for encrypted content. ^ 
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1 52. Tttie computer readable medium of claim 44 further comprising instructions to 

2 cause the client digital processing system to create a unique identifier for the client digital 

3 processing system. 

1 53. The computer readable medium of claim 52 further comprising instructions to 

2 cause the clientViigital processing system to encrypt the content with a key based on the 

3 unique identifier. \ 

1 54. The computerVeadable medium of claim 44 wherein the pre-determined function 

2 is selected from the grotto consisting of print, page setup, save, save as, view source, save 
q 3 picture as, set as wallpaper, copy, screen capture, screen print, cut. 

ih 1 55. A client digital processing system for controlling access to content presented by a 

^ 2 web browser, the client digital processing system comprising: 

3 a processor; \ / \ 

if; 4 a network interface logically d(oupldd to the proces^or to receive the content; 

ru 5 a browser logically coupled the net^ierJfmterface to present the content within 

O 6 a browser window; and // \\ 

7 a security module logically [coupled tVbhe browser to disable disallowed user 

8 functions when the content is in the browser wikdow wherein the disallowed user 

9 function comprises a user function which, when aJJowed, provides for non-ephemeral 
10 reproduction of the content. \ 

1 56. The client digital processing system of claim 55,\vherein the security module 

2 comprises: \ 

3 a message monitor to intercept a message posted to the\browser window; and 
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4 \ a browser controller logically coupled to the message monitor to hide the content 

5 if the browser is not a foreground application. 

1 57. Th$ client digital processing system of claim 55, wherein the security module 

2 comprises a browser controller that clears a commonly shared inter-application memory 

3 when the interXapplication memory is accessed. 

1 58. The client digital processing system of claim 55, wherein the security module 

2 comprises a browsercontroller that encrypts the content. 
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a network interface logic; 
content from the client digital pn 

a server module logicall] 
to the client digital processing 



59. A server digital processing system for controlling access to content distributed to 
a client digital processing system, the server digital processing system comprising: 

a processor; 

coupled to the processor to receive a request for the 
system; 

couplecj to the network interface to distribute the content 
/stem in Response to the request; and 
a security module logically coupled\o the server module to determine if the 
request is from a client digital processing systbm executing a limited-use client program 
which prevents at least one form of non-ephemeral reproduction. 

60. The server digital processing system of claim 5^, wherein the security module is 
further operable to: 

create a secure document object containing the conteh^ if the content is protected 
under an individual security model; and 

pass the secure document object to the server module for distribution in response 
to the request. 
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1 61 . The server digital processing system of claim 59, wherein the security module is 

2 furtn^r operabh to: 

3 ^ncrypt the content if the content is protected under a common security model; 

4 and 

5 pas^the encrypted content to the server module for distribution in response to the 

6 request. 
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62. A computer-readable medium having stored thereon computer executable 
instructions to cause a client digital processing system to perform a method comprising: 

receiving protected content from a server digital processing system; 

presenting the protected content within a browser window; and 

disabling disallowed user functions when the protected content is in the browser 

window wherein the disallowed user function comprises a user function which, when 

allowed, provides for non-epnemeral reproduction of the content. 

63. The computer-readable memum of claim 62 further comprising: 



intercepting a message ypstel 
hiding the protected Cj&tfefit if 



1 64. 



thebrowser window; and 
le browser is not a foreground application. 



A computer readable medium of\claim 62 wherein the disallowed user function is 



2 enabled when content in the browser window \s not designated to be protected such that 

3 non-ephemeral reproduction of such content is allowed. 



1 65. A computer-readable medium having stored thereon computer executable 

2 instructions to cause a server digital processing system to^erform a method comprising: 
receiving a request for protected content from a clienKdigital processing system; 
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4 \ determining if the request is from a client digital processing system executing a 

5 liri^ited-use client program; and 

6 \ distributing the protected content to the client digital processing system in 

7 response to the request only if the client digital processing system is executing the 

8 limited-use client program, wherein the limited-use client program prevents at least one 

9 form omon-ephemeral reproduction of the protected content. 
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1 66. ThV computer-readable medium of claim 65, further comprising: 

2 creating a secure document object containing the protected content if the content 

3 is protected under an individual security model; and 

4 passings the secure document object to the server module for distribution in 

5 response to the request. 
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67. The computer-readable medium of claim 65, further comprising: 



encrypting the 
security model; and 

passing the j 
the request. 
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content if the content is protected under a common 



fent to the server module for distribution in response to 



68. A computer readable mtedium of claim 65 wherein the limited-use client program 
disables a disallowed user function that comprises a user function which, when allowed, 
provides for non-ephemeral reproduction of the content. 



1 69. A computer readable medium ofVlaim 68 wherein the disallowed user function is 

2 enabled when content is not designated to protected such that non-ephemeral 

3 reproduction of such content is allowed. 
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70. A computer readable medium of claim 69 wherein non-ephemeral reproduction of 
theWotected content is allowed after a transaction between the client digital processing 
system and the server digital processing system. 

71. A computer readable medium of claim 70 wherein the transaction comprises at 
least one of a compensation to a provider of the protected content or an exchange of 
identificatioii of the client digital processing system. 

72. A computer readable medium having stored thereon a secure document package 
data structure comprising: 

a document package header field containing data representing a description for the 
secure document package; 1 

a delivery object field containing/akta representing executable code to manage the 
secure document package described by the documentj>aelcage header field; and 

a document field containin^aata representing content contained in the secure 
document package described byWej^ipient package header field. 

73. The computer readable mediiun of claim 72, wherein the document package 
header field comprises : \ 

a package identifier field containingsdata representing an identifier for the secure 
document package. \ 



74. The computer readable medium of claim 72,V herein the document field 
comprises: 

a document identifier field containing data representing an identifier for the 
content. 
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1 75\ A computer data signal embodied in a carrier wave and encoding a data structure 

2 containing protected content comprising: 

3 a (document package header field containing data representing a description for the 

4 secure document package; 

5 a delivery object field containing data representing executable code to manage the 

6 secure document package described by the document package header field; and 

7 a document field containing data representing content contained in the secure 

8 document package described by the document package header field. 

1 76. The computer readable medium of claim 75, wherein the document package 

Q 2 header field comprises: 
SJ 3 a package identifier fielft containing \data representing an identifier for the secure 



4 document package. 



1 77. The computer readable mqgiunsj of ch im 75, wherein the document field 

2 comprises: 

a document identifier field containing data representing an identifier for the 



3 



y 4 content. 



1 78. A system for controlling reproduction of cbntent on a client computer comprising: 

2 means for receiving content to be protected; and 

3 means for displaying the protected content on tne client computer while 

4 preventing at least one form of reproduction of the conter 



1 79. The system of claim 78, wherein the means for displaymg comprises: 

2 means for disabling user functions that reproduce the content. 
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The system of claim 79, wherein the means for displaying further comprises: 
leans for enabling disabled user functions under pre-determined conditions. 



1 81. A systenvfor controlling reproduction of content stored on a server computer 

2 comprising: 

3 means for protefc^ing cont^t itored on the server; 

4 means for receiving request fcyvtfie protected content; and 

5 means for determining^^ request is from a requestor that limits reproduction of 

6 protected content, 



1 82. The system of claim 8 1 , wherein ct^e means for protecting comprises: 

2 means for creating a secure documenrobject containing the content. 

1 83. The system of claim 8 1 , wherein the means ro( protecting comprises: 

2 means for encrypting the content. 
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